Channels

Services

Study: Open source software is improving

The code analysis tools vendor, Coverity, has released the 2009 edition of the Coverity Scan Open Source Report. The survey, which was originally initiated by the U.S. Department of Homeland Security in 2006, examines the integrity and quality of open source software. The results are based on an analysis of 11 billion lines of code from 280 open source projects including Firefox, Linux, PHP, Ruby and Samba over three years. The analysis was carried out using Coverity's Scan service.

One of the study's conclusions is that the integrity, quality and security levels of open source code are improving. Since 2006, Coverity's Scan service has exposed more than 11,200 flaws in 180 submitted programs, allowing programmers to fix the detected flaws. The vendor has found that the number of flaws detected by static analysis has decreased by 16 per cent overall.

Coverity grades the examined projects in "rungs", a term the vendor uses to describe various certification levels for software integrity. 144 projects are currently at Rung 1, while 36 are at Rung 2. Four projects – OpenPAM (a free Pluggable Authentication Modules implementation), the Ruby programming language, the Samba server and the TOR network – have reached the highest level (Rung 3). Coverity highlights these projects as role models for high integrity software, commending them for their nightly builds, their unit and regression testing and their continuous integration process.

The most common flaws detected across participating projects over the years are NULL pointers, resource leaks and unintentional ignored expressions.